Trojan.Win32.Agent.nbcc

Technical Details
Payload
Removal instructions

Technical Details

Trojan program that performs malicious activities in the user’s system. It is a Windows (PE64 DLL-file). It is 83968 bytes in size. It is written in C++.

Installation

Installation in the system and creating the initial conditions to run this trojan performed by other malicious programs.

Payload

The program terminates its execution, if an account name, under which it is running, is different from:

SYSTEM

The trojan allows access to the infected system and has a number of commands to manipulate (search, create, move, delete) files and folders, downloading and running files, terminating the processes and logging out of the system. The Trojan also creates a SOCKS5 proxy server on any port. A notification of infection the trojan sends to an address that is stored in encrypted form in the registry key:

[HKLM\System\CurrentControlSet\Services\Tcpip\Performance]
"WbemAdapCode"

Removal instructions

If your computer does not have an antivirus, and is infected by this malicious program, follow the instructions below to delete it:

1. Reboot a computer in a “Safe Mode” (at the beginning of system boot, press and hold the «F8», then select the «Safe Mode» the Windows boot menu).
2. Delete the original malicious file (the location on the infected computer will depend on how the program originally penetrated the victim machine).
3. Perform a full scan of the computer using Kaspersky Anti-Virus with up-to-date antivirus databases (download a trial version).